Hello, does anyone how to make pureftpd show symlinks? i cannot google anything. I want users to see directory /log which pureftd does not show.. here http://www.pureftpd.org/project/pure-ftpd they say Symbolic links can be followed when users are chrooted, even when they are pointing out of the chroot jail. This unique feature makes shared content easy to set up. but i think users are chrooted ?
According to http://download.pureftpd.org/pub/pure-ftpd/doc/README , you have to use the --with-virtualchroot switch.
If you are on Debian/Ubuntu, you can try this: Code: echo "yes" > /etc/pure-ftpd/conf/virtualchroot (I don't know if it works, I haven't tested it.)
this is list of my directories in root@web2:/etc/pure-ftpd/conf# ls -la total 72 drwxr-xr-x 2 root root 4096 2010-08-20 11:08 . drwxr-xr-x 5 root root 4096 2010-07-27 23:27 .. -rw-r--r-- 1 root root 36 2009-11-07 19:56 AltLog -rw-r--r-- 1 root root 4 2010-08-17 18:27 BrokenClientsCompatibility -rw-r--r-- 1 root root 4 2010-08-17 18:27 ChrootEveryone -rw-r--r-- 1 root root 4 2010-08-17 18:27 DisplayDotFiles -rw-r--r-- 1 root root 4 2010-07-27 23:36 DontResolve -rw-r--r-- 1 root root 6 2009-11-07 19:56 FSCharset -rw-r--r-- 1 root root 4 2010-08-20 11:05 MaxClientsNumber -rw-r--r-- 1 root root 3 2010-08-20 11:05 MaxClientsPerIP -rw-r--r-- 1 root root 5 2009-11-07 19:56 MinUID -rw-r--r-- 1 root root 29 2009-11-08 05:31 MySQLConfigFile -rw-r--r-- 1 root root 4 2009-11-07 19:56 NoAnonymous -rw-r--r-- 1 root root 4 2009-11-07 19:56 PAMAuthentication -rw-r--r-- 1 root root 12 2010-08-19 22:54 PassivePortRange -rw-r--r-- 1 root root 28 2009-11-07 19:56 PureDB -rw-r--r-- 1 root root 2 2010-08-19 23:07 TLS -rw-r--r-- 1 root root 3 2009-11-07 19:56 UnixAuthentication echo "yes" > /etc/pure-ftpd/conf/virtualchroot root@web2:/etc/pure-ftpd/conf# /etc/init.d/pure-ftpd-mysql restart Restarting ftp server: /usr/sbin/pure-ftpd-wrapper: Invalid configuration file /etc/pure-ftpd/conf/virtualchroot: No corresponding directive this happens also if filename is VirtualChroot, same thing if ChrootEveryone = yes (tried also with this file removed)
Ok, this doesn't work then. Please delete /etc/pure-ftpd/conf/virtualchroot to make PureFTPd start again.
i tried more, virtualchroot Off is wrong, user then can follow link and leave his chroot directory which is bad... ProFTPD, ProFTPD, ProFTPD, ProFTPD, ProFTPD, ProFTPD, ! .o)
Hi, did anyone find a solution for that? As backups ars stored outside the users directories, but are symlinked there, FTP users cannot access their backups right now. I really need a solution for my users to access their backup files. Thanks Stefan
i was stupid, i had VIRTUALCHROOT=yes instead of VIRTUALCHROOT=true in config /etc/default/pure-ftpd-common has to look like this : # Configuration for pure-ftpd # (this file is sourced by /bin/sh, edit accordingly) # STANDALONE_OR_INETD # valid values are "standalone" and "inetd". # Any change here overrides the setting in debconf. STANDALONE_OR_INETD=standalone # VIRTUALCHROOT: # whether to use binary with virtualchroot support # valid values are "true" or "false" # Any change here overrides the setting in debconf. VIRTUALCHROOT=true # UPLOADSCRIPT: if this is set and the daemon is run in standalone mode, # pure-uploadscript will also be run to spawn the program given below # for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or # pure-uploadscript(8) # example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl UPLOADSCRIPT= # if set, pure-uploadscript will spawn $UPLOADSCRIPT running as the # given uid and gid UPLOADUID= UPLOADGID= everything works fine now
Just to complete this, someone can use it, passive ports or TLS or whatever --with-virtualchroot is compiled by default on Ubuntu 10.0.4 LTS and other binary packages, that Ubuntu TLS bug is gone after last update (01/11) My directory /etc/pure-ftpd/conf - Values inside files AltLog - clf:/var/log/pure-ftpd/transfer.log BrokenClientsCompatibility - yes ChrootEveryone - yes (important!) DisplayDotFiles - yes DontResolve - yes FSCharset - UTF-8 MaxClientsNumber - 200 MaxClientsPerIP - 10 MinUID - 1000 MySQLConfigFile - /etc/pure-ftpd/db/mysql.conf NoAnonymous - yes PAMAuthentication - yes PassivePortRange - 60001 60200 (pickup any range you want, don't forget to set in firewall) PureDB - /etc/pure-ftpd/pureftpd.pdb TLS - 1 UnixAuthentication - no
there is problem in 3.0.3.2 so it don't work again, as i posted here http://www.howtoforge.com/forums/showpost.php?p=248860&postcount=26
For a real solution to this, here's the _correct_ way to do it. First, an explanation. pure-ftpd-mysql calls a wrapper to the main command. That wrapper is pure-ftpd-wrapper, normally found in /usr/sbin. In that file, you can see a list of the option/configuration files it looks for. One of which is TrustedGID. If the user you wish to have granted full access (this must be a REAL USER, not a virtual one) is part of the adm group, for example, look up the GID in /etc/group for the adm group (4 is normal) Then, you simply need to type 'echo 4 >/etc/pure-ftpd/conf/TrustedGID' and then reset pure-ftpd. Now, anyone in the adm group will be allowed the ability to break out of the chroot. This is the actual answer to the initial question, rather than a list of workarounds, reasons for not doing it, or deliberate misunderstandings
